
H3C Technologies H3C S7500E Series Switches User Manual

Page 86


3-23

[Switch] interface vlan-interface 2

[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0

[Switch-Vlan-interface2] quit

# Configure the IP address of VLAN-interface 3, through which the switch communicates with the server.

[Switch] interface vlan-interface 3

[Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0

[Switch-Vlan-interface3] quit

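# Enable the switch to provide Telnet service. Telnet carries the login password and the super password unencrypted, so a production deployment of this example would normally provide management access over SSH instead.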

[Switch] telnet server enable

# Configure the switch to use AAA for Telnet users.

[Switch] user-interface vty 0 4

[Switch-ui-vty0-4] authentication-mode scheme

[Switch-ui-vty0-4] quit

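# Use HWTACACS authentication for user level switching authentication and, if HWTACACS authentication is not available, use local authentication. Because of this fallback, the local super password configured later in this example is what protects privilege level switching whenever the server is unreachable.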

[Switch] super authentication-mode scheme local

# Create an HWTACACS scheme named hwtac.

[Switch] hwtacacs scheme hwtac

# Specify the IP address for the primary authentication server as 10.1.1.1 and the port for authentication as 49.

[Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49

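# Set the shared key for authentication packets to expert. The same key must be configured on the HWTACACS server; expert is a sample value, and a deployed key should be long and random.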

[Switch-hwtacacs-hwtac] key authentication expert

# Specify the scheme to exclude the domain names from usernames to be sent to the HWTACACS server.

[Switch-hwtacacs-hwtac] user-name-format without-domain

[Switch-hwtacacs-hwtac] quit

# Create ISP domain bbb.

[Switch] domain bbb

# Configure the ISP domain to use local authentication for Telnet users.

[Switch-isp-bbb] authentication login local

# Configure the ISP domain to use HWTACACS scheme hwtac for privilege level switching authentication.

[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac

[Switch-isp-bbb] quit

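# Create a local Telnet user named test and set its password. The simple keyword enters the password in plain text, and on many Comware releases it is then shown in plain text in the configuration; the cipher keyword avoids this. aabbcc is a sample value only.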

[Switch] local-user test

[Switch-luser-test] service-type telnet

[Switch-luser-test] password simple aabbcc

# Set the user level of the Telnet user to 0 after login, so that the user must pass privilege level switching authentication to reach a higher level.

[Switch-luser-test] authorization-attribute level 0

[Switch-luser-test] quit

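# Configure the password for local privilege level switching authentication to 654321. This is the password used when HWTACACS authentication is not available; 654321 is a sample value, and a deployed password should be strong and entered with the cipher keyword rather than simple.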

[Switch] super password simple 654321

[Switch] quit

2) Configure the HWTACACS server